Email registration has been working well and I’ve had a number of users activate accounts. Since updating to to 1.5.2 I’ve seen a bunch of bots try and create accounts using various email addresses, some of which seem to be real given two users filed complaints (as reported by Mailgun):

Here’s what the spam accounts look like. I’ll find a way to bulk remove them later but none of them have activated so I’m not particularly concerned about them right now—just sharing for the benefit of others:

@balibebas I know this is slightly off topic for this thread, but if you are concerned about being blocked from mailgun for sending email to these spammers you could use captcha (there is google recaptcha and just a plain built in system too that are options) to prevent these spammers.

Good idea. A PoW-based tiny url might be useful too for accessibility and privacy compared to reCAPTCHA—which I’ve found to be sometimes unbearable gauntlet when using a socks5 proxy while browsing or traveling in SEA. Here’s a mirror which seems like a fun way to get some practice in with WireShark while taking some focus of the actual honey.

This seems to suggest the bots may now be following email activation links. And while I understand reCAPTCHA was added with the 1.6.0 release I have expressed some of my concerns on that already. I have a PoW toolbar UI in beta right now which I may consider adapting for use in the user sign-up flow.